Resources Included in the Configuration by Default

Configured Devices in lx Branded
Zones

The devices supported by each zone
are documented in the man pages and other documentation for that brand. The lx zone does not allow the addition of any unsupported or unrecognized
devices. The framework detects any attempt to add an unsupported device. An
error message is issued that indicates the zone configuration cannot be verified.

Adding local Linux file systems is not supported. You can NFS
mount file systems from a Linux server.

Privileges Defined in lx Branded
Zones

Processes are
restricted to a subset of privileges. Privilege restriction prevents a zone
from performing operations that might affect other zones. The set of privileges
limits the capabilities of privileged users within the zone.

Default, required default, optional, and prohibited privileges are defined
by each brand. You can also add or remove certain privileges by using the limitpriv property as shown in Step 8 of How to Configure, Verify, and Commit the lx Branded Zone. The table Table 27–1 lists all of the Solaris privileges
and the status of each privilege with respect to zones.

For more information about privileges, see the ppriv(1) man page and System
Administration Guide: Security Services.